authorThomas Hurst <tom@hur.st>2023-10-30 22:45:22 +0000
committerRobert Clausecker <fuz@FreeBSD.org>2023-11-03 21:16:19 +0000
commit0a1052798c8e4879ca869b9032830a4ca00b1c02 (patch)
tree0b078dde483d5155f6776996a8122c264598d40c
parent058d72efccdaaff3cca0d5780fb3de61d64a5321 (diff)
downloadports-0a1052798c8e4879ca869b9032830a4ca00b1c02.tar.gz
ports-0a1052798c8e4879ca869b9032830a4ca00b1c02.zip
graphics/optipng: Add fix for CVE-2023-43907
- Add a bounds check to prevent an out-of-bounds read of the buffer on specially-formed GIF files.
- Remove BUNDLED_LIBPNG and BUNDLED_ZLIB, as the supplied versions are well out of date and offer no noted advantages.

PR: 274822
MFH: 2023Q4
Security: fe7ac70a-792b-11ee-bf9a-a04a5edf46d9
-rw-r--r--graphics/optipng/Makefile28
-rw-r--r--graphics/optipng/files/patch-src_gifread_gifread.c14
2 files changed, 26 insertions, 16 deletions
diff --git a/graphics/optipng/Makefile b/graphics/optipng/Makefile
index adf3fcdb59be..acbe6053199d 100644
--- a/graphics/optipng/Makefile
+++ b/graphics/optipng/Makefile
@@ -1,36 +1,32 @@
PORTNAME= optipng
-PORTVERSION= 0.7.7
+DISTVERSION= 0.7.7
+PORTREVISION= 1
CATEGORIES= graphics
MASTER_SITES= SF/${PORTNAME}/OptiPNG/${PORTNAME}-${PORTVERSION}
MAINTAINER= tom@hur.st
COMMENT= Optimizer for PNG files
-WWW= http://optipng.sourceforge.net/
+WWW= https://optipng.sourceforge.net/
LICENSE= ZLIB
LICENSE_FILE= ${WRKSRC}/LICENSE.txt
-OPTIONS_DEFINE= BUNDLED_LIBPNG BUNDLED_ZLIB DOCS
+LIB_DEPENDS= libpng.so:graphics/png
-BUNDLED_LIBPNG_DESC= Use bundled libpng
-BUNDLED_LIBPNG_CONFIGURE_OFF= --with-system-libpng
-BUNDLED_LIBPNG_CONFIGURE_ON= --without-system-libpng
-BUNDLED_LIBPNG_LIB_DEPENDS_OFF= libpng.so:graphics/png
-BUNDLED_LIBPNG_USES_OFF= localbase:ldflags
-
-BUNDLED_ZLIB_DESC= Use bundled zlib
-BUNDLED_ZLIB_CONFIGURE_OFF= --with-system-zlib
-BUNDLED_ZLIB_CONFIGURE_ON= --without-system-zlib
+USES= cpe gmake localbase:ldflags
+CPE_VENDOR= optipng_project
-USES= cpe gmake
HAS_CONFIGURE= yes
+CONFIGURE_ARGS= --with-system-libpng \
+ --with-system-zlib
-CPE_VENDOR= optipng_project
-
-PLIST_FILES= bin/optipng man/man1/optipng.1.gz
+PLIST_FILES= bin/optipng \
+ man/man1/optipng.1.gz
PORTDOCS= history.txt optipng.man.html optipng.man.pdf optipng.man.txt \
png_optimization.html todo.txt
+OPTIONS_DEFINE= DOCS
+
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/src/optipng/optipng ${STAGEDIR}${PREFIX}/bin/
${INSTALL_MAN} ${WRKSRC}/src/optipng/man/optipng.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/
diff --git a/graphics/optipng/files/patch-src_gifread_gifread.c b/graphics/optipng/files/patch-src_gifread_gifread.c
new file mode 100644
index 000000000000..bfc0112026c5
--- /dev/null
+++ b/graphics/optipng/files/patch-src_gifread_gifread.c
@@ -0,0 +1,14 @@
+--- src/gifread/gifread.c.orig 2017-12-10 23:49:00 UTC
++++ src/gifread/gifread.c
+@@ -363,6 +363,11 @@ static int LZWGetCode(int code_size, int init_flag, FI
+ lastbit = (2 + count) * 8;
+ }
+
++ if (code_size && (size_t)(curbit + code_size - 1) / 8 >= sizeof(buffer)) {
++ GIFError("Malformed GIF (CVE-2023-43907)");
++ return -1;
++ }
++
+ ret = 0;
+ for (i = curbit, j = 0; j < code_size; ++i, ++j)
+ ret |= ((buffer[i / 8] & (1 << (i % 8))) != 0) << j;
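Review bot: The new guard at the `if (code_size && …)` line bounds the byte index into `buffer` but leaves `code_size` itself unbounded, so a value of 32 or more still reaches `ret |= (…) << j` two lines below with `j` at or past the width of `int`, which is undefined behaviour rather than an out-of-bounds read. GIF LZW codes are at most 12 bits wide, so tightening the condition to `if (code_size > 12 || (code_size && (size_t)(curbit + code_size - 1) / 8 >= sizeof(buffer)))` rejects that case too while keeping the existing zero-width behaviour; I cannot see from this hunk whether LZWReadByte already clamps code_size before calling in, so confirm that before relying on it. I would also move the CVE identifier into a source comment, `/* reject a code that would read past the block buffer (CVE-2023-43907) */`, and give the user a descriptive message such as `"Malformed GIF (LZW code runs past block buffer)"`, since a CVE number means little to someone running optipng on a bad file. LZWGetCode begins and ends outside this hunk.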